unocss

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill clearly can ingest arbitrary third‑party content — e.g., references in references/core-extracting.md show an inline extractor example that does async fetching ((await fetch('https://example.com')).text()), and preset-icons/docs mention CDN/auto-install and dynamic imports — so the agent may read and interpret untrusted web content as part of its workflow.